SWP Documentation & Guides

What is the Symbol Word Protocol?

The Symbol Word Protocol (SWP) is a structured tagging system designed to make documents more understandable to AI systems. By adding semantic tags to your content, you help Large Language Models (LLMs) like ChatGPT, Claude, and other AI assistants process your documents with greater accuracy, consistency, and context awareness.

Why SWP Matters

AI systems work best when they understand the structure and intent of content. SWP provides:

Explicit Structure: Tags tell AI exactly what each section represents
Reduced Ambiguity: Clear metadata prevents misinterpretation
Consistent Processing: Same document structure yields consistent AI responses
Domain Context: Industry-specific tags add regulatory and metadata awareness

Account Required: All SWP tagging features (including the free General framework) require a free IdeaPhase account. Sign up to get started. Pro subscribers unlock domain frameworks, batch processing, GPT Idea Builder, and API access.

What's New

Recent platform enhancements expanding SWP capabilities for developers and enterprises:

Official SDKs

Python (pip install ideaphase) and JavaScript/TypeScript (npm install ideaphase) client libraries with full API coverage

V2 API

Enhanced response format with request IDs, rate limit headers, and structured error codes. V1 remains stable and backward-compatible

Agent-to-Agent Proof Sharing

Share and cross-reference proof receipts between different API keys for multi-agent verification chains

Webhook Notifications

HMAC-signed real-time callbacks for proof.created, chain.verified, proof.shared, and proof.cross_referenced events

SWP Playground

A/B evaluation tool comparing raw vs SWP-enhanced AI output across OpenAI, Anthropic, and Google models

Public Status Page

Live system health dashboard at /status with uptime metrics and response time charts

Health & Discovery API

GET /api/health for component-level status monitoring and GET /api/v1/discovery for automatic endpoint catalog. No authentication required

SWP Support Chat

AI-powered self-service support at /support with knowledge of SWP protocol, API usage, and troubleshooting

Docs Shortcut

GET /docs redirects to this documentation portal for convenience. Use either /docs or /swp-docs to access these guides

Core SWP Tags

These tags are applied to every document, regardless of which framework you choose:

@phase:

Development stage indicating where a document is in its lifecycle

@weight:

Complexity score (1-10) based on content depth and technical detail

@symbolic_id:

Unique identifier for cross-referencing and traceability

@swp_sum:

Cryptographic checksum for content integrity verification

@priority:

Urgency level: Critical, High, Medium, Low

@category:

Content type: Strategic, Operational, Technical, Creative

@regulatory_scope:

Mandatory safety tag, auto-detected on every document (including the free General framework). Reports single-domain (Sector) or cross-domain (Sector A, Sector B). When a document spans two or more regulated areas, a merged @regulatory_standards line is added so no metadata signal is lost

@security_classification:

Universal safety tag, auto-detected on every document for free (including the General framework). Reports content sensitivity — Public, Internal, Confidential, or Restricted — plus a (PII) / (PHI) flag when personal or health data is found. Personal/health data forces at least Confidential; secrets or credentials escalate to Restricted

@confidence:

Universal quality tag, auto-applied to every document for free. Reports how confident the encoder is in its own SWP classification — High, Medium, or Low — based on document substance and signal strength (deterministic, no AI guesswork)

// Example: Tagged project document
@phase: 3.2 - Design - Technical Specs
@weight: 7
@symbolic_id: 12
@swp_sum: 48291
@security_classification: Confidential (PII)
@confidence: High
@priority: High
@category: Technical
@regulatory_scope: single-domain (General)
@status: In Progress
@project_type: Enterprise

// Your document content follows...
        

Free vs Pro Features

Feature	Free Tier FREE	Pro Plan PRO
Single-file SWP tagging	Unlimited	Unlimited
Core SWP tags	All tags	All tags
Document proof generation	Yes	Yes
Batch processing (multi-file)	-	180/month
Domain frameworks	-	All 7 frameworks
GPT Idea Builder	-	180/month
Document Refinement	-	180/month
SWP Playground (A/B evaluation)	-	Yes (10 platform GPT/month + BYO key)
Usage Dashboard	-	Yes
API Access (V1 + V2)	-	Yes (via API keys)
Webhook Notifications	-	Yes (HMAC-signed)
Agent-to-Agent Proof Sharing	-	Yes
Official SDKs (Python & JS)	Available (requires Pro API key)

Tip: The free tier is perfect for individual documents, journaling, and learning the SWP system. Upgrade to Pro when you need batch processing for projects or industry-specific metadata tags.

Using SWP with AI Systems

SWP-tagged documents work seamlessly with AI assistants. Here's how to leverage them:

With ChatGPT / Claude

Example Prompt

"I'm providing an SWP-tagged document. Please read the metadata tags at the top to understand the context, development phase, and priority before responding to my questions."

With AI-Powered IDEs (Cursor, Replit, etc.)

Include SWP-tagged requirements and specifications in your project. The AI will use the phase and priority tags to understand which features to prioritize.

With Note-Taking / Journal Apps

Tag your notes and journal entries to create searchable, structured content. The @category and @status tags help you track progress on ideas over time.

// Journal entry with SWP tags
@phase: 1.1 - Ideation - Brainstorm
@category: Creative
@status: Draft
@priority: Medium

## Business Idea: Subscription Box for Pet Owners

Today I had an idea for a monthly subscription...
        

General Framework FREE

The General framework applies standard SWP tags suitable for any document type. It's the default framework and is available to all users, including free tier.

Built-in safety standard: The mandatory @regulatory_scope tag is applied here too — for free. The General framework auto-scans your text for regulated sectors and reports single-domain (Sector) or cross-domain (Sector A, Sector B). If your document clearly spans two or more regulated areas, a merged @regulatory_standards line is added automatically. You do not need a Pro plan or a domain framework to get this safety signal.

Best Use Cases

Project Documentation: PRDs, specifications, requirements
Personal Notes: Journals, idea logs, research notes
Business Documents: Proposals, reports, presentations
Creative Writing: Story outlines, character notes, world-building
Technical Documentation: API docs, user guides, tutorials

Extended Optional Tags

Enable "Show Extended Tags" to access additional metadata options:

@project_type:

MVP, Enterprise, Startup, Personal, Research

@use_case:

Specific application context

@target_audience:

Developers, Executives, End Users, etc.

@milestone:

MVP Launch, Beta Release, Alpha Demo

@risk_level:

Low, Moderate, High, Critical

@timeline:

Target completion timeframe

Example: Tagged Project Proposal

@phase: 2.1 - Research - Market Analysis
@weight: 5
@symbolic_id: 8
@swp_sum: 31847
@priority: High
@category: Strategic
@regulatory_scope: single-domain (General)
@status: In Review
@project_type: Startup
@target_audience: Investors
@milestone: Seed Round
@timeline: Q2 2026

## Mobile App Proposal: FitTrack Pro

### Executive Summary
FitTrack Pro is a fitness tracking application...
        

Healthcare & Clinical Framework PRO

HIPAA/GDPR compliant tagging for medical documentation, clinical workflows, and healthcare technology

Framework Tags

These 8 metadata tags (including the mandatory @regulatory_scope) are automatically applied when using the Healthcare framework:

@sector: Healthcare

Identifies the document as healthcare domain

@regulatory_scope: single-domain (Healthcare)

Mandatory tag — auto-detected; reports single-domain or cross-domain (Sector A, Sector B) coverage

@regulatory_standards: HIPAA, GDPR

Applicable data protection regulations

@compliance_posture: PHI Protection

Protected Health Information handling requirements

@data_sensitivity: Patient Data, Clinical Records

Data classification for healthcare

@audit_trail: Required

Logging and audit requirements for compliance

@data_minimization: Required

Collect only necessary data principle

@operational_principles: Need-to-Know Access, Encryption at Rest

Security and access control guidelines

Best Use Cases

Electronic Health Records (EHR): Patient record templates, clinical notes
Clinical Decision Support: Treatment protocols, diagnostic workflows
Healthcare Analytics: Population health reports, outcome tracking
Telehealth Platforms: Virtual visit documentation, remote monitoring
Medical Device Documentation: Device specs for FDA compliance

Example: Clinical Protocol Document

@phase: 4.2 - Core - Implementation
@weight: 8
@priority: Critical
@category: Operational
@sector: Healthcare
@regulatory_scope: single-domain (Healthcare)
@regulatory_standards: HIPAA, GDPR
@compliance_posture: PHI Protection
@data_sensitivity: Patient Data, Clinical Records
@audit_trail: Required
@data_minimization: Required
@operational_principles: Need-to-Know Access, Encryption at Rest

## Diabetes Management Protocol v2.1

### Patient Eligibility Criteria
Type 2 diabetes diagnosis confirmed via HbA1c > 6.5%...
          

Metadata Note: These tags signal to AI systems that the document contains sensitive healthcare data. LLMs should apply appropriate caution and not store or transmit PHI inappropriately.

Robotics & Autonomous Systems PRO

ISO 13482 / IEC 61508 compliant tagging for safety-critical systems and autonomous technology

Framework Tags

These 8 safety-focused tags (including the mandatory @regulatory_scope) are automatically applied when using the Robotics framework:

@sector: Robotics

Identifies the document as robotics/autonomous domain

@regulatory_scope: single-domain (Robotics)

Mandatory tag — auto-detected; reports single-domain or cross-domain (Sector A, Sector B) coverage

@regulatory_standards: ISO 13482, IEC 61508

Safety and functional safety standards

@compliance_posture: Safety-Critical Controls

High-reliability system requirements

@data_sensitivity: Sensor Data, Control Systems

Data classification for autonomous systems

@fail_safe_protocol: Required

Graceful degradation and emergency stop requirements

@real_time_processing: Required

Latency-critical processing constraints

@operational_principles: Redundancy, Human Override, Graceful Degradation

Safety design principles

Best Use Cases

Autonomous Vehicles: Navigation specs, sensor fusion docs, safety cases
Industrial Robotics: Manufacturing automation, collaborative robot specs
Drone Systems: Flight control, obstacle avoidance, geofencing
Medical Robotics: Surgical robot requirements, safety interlocks
Warehouse Automation: AGV navigation, pick-and-place systems

Example: Autonomous Navigation Specification

@phase: 3.1 - Design - Architecture
@weight: 9
@priority: Critical
@category: Technical
@sector: Robotics
@regulatory_scope: single-domain (Robotics)
@regulatory_standards: ISO 13482, IEC 61508
@compliance_posture: Safety-Critical Controls
@data_sensitivity: Sensor Data, Control Systems
@fail_safe_protocol: Required
@real_time_processing: Required
@operational_principles: Redundancy, Human Override, Graceful Degradation

## LiDAR-Based Obstacle Avoidance System

### Safety Requirements
The system shall detect obstacles within 50m range...
Emergency stop activation within 100ms of detection...
          

Safety Note: These tags indicate safety-critical documentation. AI systems processing this content should flag any ambiguity in safety requirements and never suggest shortcuts that compromise fail-safe mechanisms.

Legal Technology Framework PRO

GDPR/CCPA/EULA compliant tagging for legal document automation and privilege-aware processing

Framework Tags

These 8 legal metadata tags (including the mandatory @regulatory_scope) are automatically applied when using the Legal framework:

@sector: Law

Identifies the document as legal domain

@regulatory_scope: single-domain (Legal)

Mandatory tag — auto-detected; reports single-domain or cross-domain (Sector A, Sector B) coverage

@regulatory_standards: GDPR, CCPA, EULA

Data protection and licensing regulations

@compliance_posture: Privilege-Aware Controls

Attorney-client privilege protection

@data_sensitivity: Legal Documents, Intellectual Property

Data classification for legal content

@document_integrity: Required

Ensures unaltered processing of legal content

@audit_trail: Required

Logging and audit requirements

@operational_principles: Immutable Logs, Non-Repudiation

Legal accountability guidelines

Best Use Cases

Contract Management: Agreement templates, clause libraries, amendments
eDiscovery: Document review, privilege logging, production sets
Compliance Documentation: Policy documents, regulatory filings
Intellectual Property: Patent applications, trademark filings, IP portfolios
Legal Research: Case analysis, precedent summaries, legal briefs

Example: Contract Template Document

@phase: 4.1 - Core - Foundation
@weight: 7
@priority: High
@category: Operational
@sector: Law
@regulatory_scope: single-domain (Legal)
@regulatory_standards: GDPR, CCPA, EULA
@compliance_posture: Privilege-Aware Controls
@data_sensitivity: Legal Documents, Intellectual Property
@document_integrity: Required
@audit_trail: Required
@operational_principles: Immutable Logs, Non-Repudiation

## Master Services Agreement Template v3.2

### 1. Definitions
"Confidential Information" means any information disclosed...
          

Privilege Note: Documents tagged with the Legal framework signal potential attorney-client privilege. AI systems should not summarize or disclose content that could waive privilege protections.

Education Technology Framework PRO

FERPA/COPPA compliant tagging for learning platforms, student data protection, and curriculum alignment

Framework Tags

These 8 education metadata tags (including the mandatory @regulatory_scope) are automatically applied when using the Education framework:

@sector: Education

Identifies the document as education domain

@regulatory_scope: single-domain (Education)

Mandatory tag — auto-detected; reports single-domain or cross-domain (Sector A, Sector B) coverage

@regulatory_standards: FERPA, COPPA, GDPR

Student privacy and children's data protection

@compliance_posture: Student Data Protection

Core educational privacy requirement

@data_sensitivity: Student Records, Learning Analytics

Data classification for education

@accessibility: WCAG 2.1 AA Required

Inclusive education accessibility standards

@content_standards: Common Core, NGSS, State Standards

Curriculum alignment frameworks

@operational_principles: Age-Appropriate Design, Parental Consent, Data Minimization

EdTech ethical guidelines

Best Use Cases

Learning Management Systems (LMS): Course structures, assignment specs, gradebook designs
Curriculum Mapping: Standards alignment, lesson plans, scope and sequence
Assessment Platforms: Test specifications, rubrics, adaptive learning algorithms
Student Information Systems: Enrollment workflows, transcript management
Educational Analytics: Learning outcome tracking, intervention triggers

Example: LMS Course Specification

@phase: 3.2 - Design - Technical Specs
@weight: 6
@priority: High
@category: Operational
@sector: Education
@regulatory_scope: single-domain (Education)
@regulatory_standards: FERPA, COPPA, GDPR
@compliance_posture: Student Data Protection
@data_sensitivity: Student Records, Learning Analytics
@accessibility: WCAG 2.1 AA Required
@content_standards: Common Core, NGSS, State Standards
@operational_principles: Age-Appropriate Design, Parental Consent, Data Minimization

## Algebra I Course Module: Linear Equations

### Learning Objectives (CCSS.MATH.CONTENT.HSA.REI.B.3)
Students will be able to solve linear equations in one variable...
          

Privacy Note: Documents tagged with the Education framework indicate student data involvement. AI systems should never store, share, or process student PII beyond the immediate task, and must respect parental consent requirements for users under 13.

Financial Services Framework PRO

SOX/FINRA/Basel III compliant tagging for trading systems, risk management, and regulatory reporting

Framework Tags

These 8 financial metadata tags (including the mandatory @regulatory_scope) are automatically applied when using the Finance framework:

@sector: Financial Services

Identifies the document as financial domain

@regulatory_scope: single-domain (Finance)

Mandatory tag — auto-detected; reports single-domain or cross-domain (Sector A, Sector B) coverage

@regulatory_standards: SOX, GDPR, FINRA, Basel III, PCI-DSS

Financial regulations and compliance frameworks

@compliance_posture: Financial Controls Required

Core financial control requirement

@data_sensitivity: PII, Transaction Data, Account Information

Data classification for financial records

@audit_trail: Required

Mandatory transaction logging for compliance

@risk_classification: Required

Risk categorization for financial instruments

@operational_principles: Data Encryption, Immutable Logs, Non-Repudiation

Financial security best practices

Best Use Cases

Account Statements: Monthly statements, transaction summaries, balance reports
Transaction Processing: Payment workflows, transfer validation, settlement systems
Risk Management: Risk assessments, exposure analysis, hedging strategies
Regulatory Reporting: SOX compliance docs, FINRA filings, Basel III capital reports
Portfolio Management: Investment strategies, asset allocation, performance tracking
Compliance Automation: Policy enforcement, audit preparation, control monitoring
Treasury Operations: Cash management, liquidity planning, funding strategies

Example: Account Statement

@phase: 2.1 - Blueprint - System Architecture
@weight: 5
@priority: Medium
@category: Financial Reporting
@sector: Financial Services
@regulatory_scope: single-domain (Finance)
@regulatory_standards: SOX, GDPR, FINRA, Basel III, PCI-DSS
@compliance_posture: Financial Controls Required
@data_sensitivity: PII, Transaction Data, Account Information
@audit_trail: Required
@risk_classification: Required
@operational_principles: Data Encryption, Immutable Logs, Non-Repudiation

## Account Statement - March 2025

### Account Details
Account Number: 123-456-789
Customer: Jane Doe
Period: 01-Mar-2025 - 31-Mar-2025
          

Metadata Note: Documents tagged with the Finance framework indicate financial data handling requirements. AI systems should enforce data encryption, maintain immutable audit logs, and ensure non-repudiation for all transactions. Never process or store unencrypted financial PII.

AI-Agent Workflows & Marketing Framework PRO

The AI-Agent Workflows framework provides structured tagging for multi-agent orchestration, task automation, and marketing workflows. This framework is designed for the web3 community, AI automation platforms, and autonomous systems where multiple agents collaborate on complex tasks.

Why SWP for Agent Workflows? Generic tags without SWP logic create ambiguity. SWP acts as a "UUID/SHA-256 equivalent" for agent workflows - providing deterministic structure that ensures consistent agent behavior, proper handoffs, and auditable decision chains.

Framework Tags

These 9 agent workflow tags (including the mandatory @regulatory_scope) are automatically applied when using the AI-Agent Workflows framework:

@sector: AI-Agent Workflows

Identifies the document as AI-Agent automation domain

@regulatory_scope: single-domain (AI-Agent Workflows)

Mandatory tag — auto-detected; reports single-domain or cross-domain (Sector A, Sector B) coverage when an agent workflow touches other regulated areas

@agent_role: [Orchestrator, Executor, Validator]

Specialized function of each AI agent in the workflow

@task_sequence: [Ordered Steps]

Ordered chain of operations the agent must execute

@handoff_trigger: [Condition]

Conditions for transfer to next agent or human

@context_window: [Scope]

Required context and memory scope for decisions

@fallback_protocol: [Recovery Plan]

Error handling and recovery procedures

@output_schema: [Format]

Structured format for agent responses

@operational_principles: Deterministic Execution, Auditable Decisions, Human-in-Loop

Core principles for reliable agent behavior

Best Use Cases

Multi-Agent Orchestration: Coordinate multiple specialized AI agents in complex workflows
Marketing Automation Pipelines: Structured email sequences, content calendars, campaign management
Content Generation Workflows: Research, Draft, Edit, Publish chains with quality gates
Lead Nurturing Sequences: Automated follow-up sequences with conditional branching
Customer Support Bots: Ticket routing, response generation, escalation protocols
Web3 DAO Automation: Governance proposals, voting workflows, treasury management
Social Media Management: Cross-platform posting, engagement tracking, response automation
Sales Funnel Automation: Lead qualification, outreach sequences, CRM integration

Extended Entity & Role Types

The Agent Workflow framework includes specialized types for multi-agent systems:

Entity Types: agent, task, workflow, campaign, lead
Role Types: orchestrator, executor, validator, reviewer, human_operator
Document Types: prompt, template, response, log, report
Domain Types: marketing, sales, support, content, web3

Example: Marketing Content Workflow

@phase: 2.1 - Blueprint - System Architecture
@weight: 4
@priority: High
@category: Content Generation
@sector: AI-Agent Workflows
@regulatory_scope: single-domain (AI-Agent Workflows)
@agent_role: Content Writer
@task_sequence: 1. Research topic 2. Create outline 3. Draft content 4. Submit for review
@handoff_trigger: Draft complete OR word_count > 1500 OR errors_detected
@context_window: Previous 3 articles, brand guidelines, SEO keywords
@fallback_protocol: Escalate to human editor if confidence < 0.7
@output_schema: JSON: {title, body, meta_description, tags[]}
@operational_principles: Deterministic Execution, Auditable Decisions, Human-in-Loop Options

## Blog Post Generation Task

### Agent Assignment
Primary Agent: ContentWriterBot-v3
Validation Agent: QualityReviewBot
Human Fallback: content-team@company.com
          

Agent Workflow Note: Documents tagged with the Agent Workflow framework provide explicit structure for AI orchestration. Unlike generic tagging attempts, SWP ensures agents understand their role boundaries, task sequences, and handoff conditions - reducing ambiguity and improving multi-agent coordination.

Official SDKs

IdeaPhase provides official client libraries for Python and JavaScript/TypeScript. Both SDKs wrap the full API with clean, idiomatic interfaces — encode documents, manage proofs, register webhooks, and share proofs between agents with just a few lines of code.

Prerequisite: Both SDKs require a Pro API key. Create one from the API Key Management section on the main page (requires an active Pro subscription).

Python SDK

Installation

pip install ideaphase

Quick Start

# Initialize the client
from ideaphase import IdeaPhase

client = IdeaPhase(api_key="swp_your_api_key_here")

# Encode a document
result = client.encode(
    "Design a patient intake system for emergency departments.",
    framework="healthcare"
)

print(result["tagged_document"]["full_text"])
print(f"Proof hash: {result['proof']['proof_hash']}")
print(f"Chain position: {result['proof']['chain_position']}")

Batch Encoding

# Encode up to 20 documents in a single call
batch_result = client.encode_batch([
    {"text": "Patient vital signs monitoring protocol.", "framework": "healthcare"},
    {"text": "Autonomous drone navigation safety spec.", "framework": "robotics"},
    {"text": "Software licensing agreement template.", "framework": "legal"}
])

for item in batch_result["results"]:
    print(f"Framework: {item['metadata']['framework']}")
    print(f"Proof: {item['proof']['proof_hash']}")

Proof Verification

# Verify a single proof (public, no auth needed)
verification = client.verify_proof("a1b2c3d4e5f6...64_char_hex...")
print(f"Valid: {verification['verified']}")

# Verify entire proof chain integrity
chain = client.verify_chain("swp_a1b2")
print(f"Chain valid: {chain['valid']}, Length: {chain['chain_length']}")

# Download a full proof receipt
receipt = client.get_proof("d4e5f6a7-b8c9-1234-5678-9abcdef01234")
print(f"Receipt type: {receipt['receipt_type']}")

Webhooks

# Register a webhook
webhook = client.webhooks.create(
    url="https://your-app.com/webhooks/swp",
    events=["proof.created", "chain.verified"]
)
print(f"Webhook ID: {webhook['id']}")
print(f"Secret: {webhook['secret']}")  # Store this for HMAC verification

# List all webhooks
webhooks = client.webhooks.list()

# Update a webhook's URL or event list in place (secret is preserved)
client.webhooks.update(
    webhook["id"],
    url="https://your-app.com/webhooks/swp-v2",
    events=["proof.created", "webhook.delivered"],
)

# Remove a webhook
client.webhooks.delete(webhook["id"])

Error Handling

from ideaphase import IdeaPhase, AuthenticationError, RateLimitError, IdeaPhaseError

client = IdeaPhase(api_key="swp_your_key")

try:
    result = client.encode("Your text here")
except AuthenticationError:
    print("Invalid or expired API key")
except RateLimitError:
    print("Rate limit exceeded - wait and retry")
except IdeaPhaseError as e:
    print(f"API error: {e}")

Custom Base URL

# Point to a different IdeaPhase instance
client = IdeaPhase(
    api_key="swp_your_key",
    base_url="https://your-ideaphase-instance.com",
    timeout=60  # Request timeout in seconds (default: 30)
)

JavaScript / TypeScript SDK

Installation

npm install ideaphase

Quick Start

// Initialize the client
import { IdeaPhase } from "ideaphase";

const client = new IdeaPhase({ apiKey: "swp_your_api_key_here" });

// Encode a document
const result = await client.encode(
  "Deploy autonomous navigation module v2.3 with LIDAR failover.",
  { framework: "robotics" }
);

console.log(result.tagged_document.full_text);
console.log(`Proof: ${result.proof.proof_hash}`);
console.log(`Chain #${result.proof.chain_position}`);

Batch Encoding

// Encode up to 20 documents in a single call
const batchResult = await client.encodeBatch([
  { text: "Patient vital signs monitoring protocol.", framework: "healthcare" },
  { text: "Q3 portfolio rebalancing required.", framework: "finance" },
  { text: "Contract clause amendment for Section 4.2.", framework: "legal" }
]);

for (const item of batchResult.results) {
  console.log(`Framework: ${item.metadata.framework}`);
  console.log(`Proof: ${item.proof.proof_hash}`);
}

Proof Verification & Webhooks

// Verify a proof
const verification = await client.verifyProof("a1b2c3d4e5f6...");
console.log(`Valid: ${verification.verified}`);

// Verify chain integrity
const chain = await client.verifyChain("swp_a1b2");
console.log(`Chain valid: ${chain.valid}, Length: ${chain.chain_length}`);

// Register a webhook
const webhook = await client.webhooks.create(
  "https://your-app.com/webhooks/swp",
  ["proof.created", "proof.shared"]
);
console.log(`Secret: ${webhook.secret}`);

TypeScript Types

The SDK exports full TypeScript type definitions for all API responses:

import type {
  EncodeResponse,
  BatchEncodeResponse,
  ProofVerifyResponse,
  ChainVerifyResponse,
  ProofReceipt,
  Webhook
} from "ideaphase";

// All responses are fully typed
const result: EncodeResponse = await client.encode("Your text");
const tags = result.tagged_document.core_tags;  // { phase, weight, symbolic_id, swp_sum }

Error Handling

import { IdeaPhase, AuthenticationError, RateLimitError, IdeaPhaseError } from "ideaphase";

try {
  const result = await client.encode("Your text here");
} catch (error) {
  if (error instanceof AuthenticationError) {
    console.error("Invalid or expired API key");
  } else if (error instanceof RateLimitError) {
    console.error("Rate limit exceeded - wait and retry");
  } else if (error instanceof IdeaPhaseError) {
    console.error(`API error (${error.statusCode}): ${error.message}`);
  }
}

SDK → API Endpoint Mapping

Python SDK Method	JS/TS SDK Method	API Endpoint
`client.encode(text, framework)`	`client.encode(text, opts)`	`POST /api/v1/encode`
`client.encode_batch(items)`	`client.encodeBatch(items)`	`POST /api/v1/encode/batch`
`client.verify_proof(hash)`	`client.verifyProof(hash)`	`GET /api/v1/proof/verify/{hash}`
`client.verify_chain(prefix)`	`client.verifyChain(prefix)`	`GET /api/v1/proof/chain/{prefix}/verify`
`client.get_proof(doc_id)`	`client.getProof(docId)`	`GET /api/v1/proof/{doc_id}/receipt`
`client.webhooks.create(url, events)`	`client.webhooks.create(url, events)`	`POST /api/v1/webhooks`
`client.webhooks.list()`	`client.webhooks.list()`	`GET /api/v1/webhooks`
`client.webhooks.update(id, url=..., events=..., is_active=...)`	`client.webhooks.update(id, { url, events, is_active })`	`PATCH /api/v1/webhooks/{id}`
`client.webhooks.delete(id)`	`client.webhooks.delete(id)`	`DELETE /api/v1/webhooks/{id}`

Source Code: Python SDK is in sdk/python/ and JavaScript/TypeScript SDK is in sdk/js/. Both use the same API endpoints and authentication scheme (Bearer token).

SWP Ontology & Standards Crosswalks

The SWP ontology is a lightweight, layered description of the controlled vocabularies, is-a hierarchy, and relation types that sit on top of the tag generator. It is purely additive and read-only — it describes existing tags but never changes how a document is tagged. Everything here is fully deterministic: a fixed ontology version always produces byte-identical exports (no model calls, no clock, no randomness).

Open & free: The ontology and both crosswalks are public, read-only JSON. No API key or Pro subscription is required to fetch them.

Three machine-readable exports

Each export is generated from a single source of truth (swp_ontology.py), so the published JSON can never silently drift from the live ontology.

Export	Endpoint	What it contains
Ontology	`GET /api/v1/ontology`	Versioned facets, term hierarchy (parents/roots/emittable), relation vocabulary, and consistency rules.
PROV-O crosswalk	`GET /api/v1/crosswalks/prov-o`	Aligns the proof chain and relation layer with W3C PROV-O provenance concepts.
SKOS crosswalk	`GET /api/v1/crosswalks/skos`	Maps each controlled facet vocabulary to a SKOS concept scheme with broader/narrower links.
FIBO crosswalk	`GET /api/v1/crosswalks/fibo`	Aligns the Pro Finance framework tags with the Financial Industry Business Ontology (FIBO).
FHIR crosswalk	`GET /api/v1/crosswalks/fhir`	Aligns the Pro Healthcare framework tags with HL7 FHIR resources.
LKIF crosswalk	`GET /api/v1/crosswalks/lkif`	Aligns the Pro Legal framework tags with the LKIF-Core legal ontology.
CORA crosswalk	`GET /api/v1/crosswalks/cora`	Aligns the Pro Robotics framework tags with the IEEE 1872 CORA ontology.
IEEE LOM crosswalk	`GET /api/v1/crosswalks/lom`	Aligns the Pro Education framework tags with IEEE LOM (Learning Object Metadata).
FIPA crosswalk	`GET /api/v1/crosswalks/fipa`	Aligns the Pro AI-Agent Workflows framework tags with the FIPA multi-agent standards.

Ontology JSON PROV-O crosswalk SKOS crosswalk FIBO crosswalk FHIR crosswalk LKIF crosswalk CORA crosswalk IEEE LOM crosswalk FIPA crosswalk

PROV-O: provenance alignment

PROV-O is the W3C standard for describing provenance — who produced what, from what, and when. SWP proofs map naturally onto its three core types:

prov:Entity — the input document, the SWP-tagged output document, and the proof record.
prov:Activity — the encoding event that consumed the input and generated the tagged output.
prov:Agent — the API-key holder responsible for the encoding event.

The Stage 2 relation types map to PROV-O derivation/influence properties. Each mapping carries a precision flag so consumers know how faithful the alignment is:

SWP relation	PROV-O property	Precision
`derived_from`	`prov:wasDerivedFrom`	exact
`depends_on`	`prov:wasInfluencedBy`	broader
`supersedes`	`prov:wasRevisionOf`	approximate
`refines`	`prov:specializationOf`	approximate
`contradicts`	`prov:alternateOf`	approximate
`cites`	`prov:wasInfluencedBy`	broader

exact = same meaning; broader = a more general PROV-O super-property; approximate = closest available property, semantics differ in nuance.

SKOS: vocabulary alignment

SKOS is the W3C standard for publishing controlled vocabularies and taxonomies. Each SWP facet becomes a skos:ConceptScheme, each term a skos:Concept, and the is-a hierarchy is expressed with skos:broader / skos:narrower. Root terms are marked as skos:hasTopConcept, and an emittable flag indicates which terms the encoder can actually output (abstract parent terms are non-emittable).

# Example concept (from the category facet)
{
  "id": "swp:concept/category/strategic",
  "pref_label": "Strategic",
  "broader": "content-category",
  "narrower": [],
  "top_concept": false,
  "emittable": true
}

Domain crosswalks: every Pro framework

Beyond the cross-industry W3C standards above, the Pro domain frameworks carry sector-specific metadata and entity tags that align with recognized domain vocabularies. A deeper crosswalk maps each framework's tags onto its sector standard — all generated from domain_frameworks.py as the single source of truth, so they cannot silently drift:

FIBO (Financial Industry Business Ontology) for the Finance framework — maps tags like @entity:account, @entity:customer, and @role:regulator onto FIBO concepts.
FHIR (HL7 Fast Healthcare Interoperability Resources) for the Healthcare framework — maps tags like @audit_trail and @data_sensitivity onto FHIR resources (e.g. AuditEvent, Consent).
LKIF-Core (Legal Knowledge Interchange Format) for the Legal framework — maps @regulatory_standards onto LKIF's Norm concept (with Akoma Ntoso referenced for document structure).
IEEE 1872 CORA (Core Ontology for Robotics and Automation) for the Robotics framework — maps the sector and sensor/device tags onto CORA, with the ISO 13482 / IEC 61508 / ISO 26262 functional-safety standards referenced for the safety tags.
IEEE LOM (Learning Object Metadata) for the Education framework — maps @content_standards onto LOM's Classification category and @data_sensitivity onto Ed-Fi student entities.
FIPA (multi-agent system standards) for the AI-Agent Workflows framework — maps @entity:agent and the ACL-style message tags onto FIPA concepts; business/marketing tags (campaign, lead, web3) are honestly left unmapped.

Every domain tag is either mapped to a target concept with the same precision flag used by PROV-O (exact / broader / approximate) or explicitly marked unmapped with a reason — operational controls (audit posture, data minimization) that have no business-domain concept are honestly left unmapped rather than forced.

# Example mapping (from the FIBO Finance crosswalk)
{
  "swp_tag": "@entity:account",
  "concept": "Account",
  "iri": "fibo-fbc-pas-caa:Account",
  "iri_url": "https://spec.edmcouncil.org/fibo/ontology/FBC/ProductsAndServices/ClientsAndAccounts/Account",
  "precision": "exact",
  "note": "Maps directly to FIBO's Account class in FBC/ProductsAndServices/ClientsAndAccounts."
}

Each mapped entry now carries a pre-expanded iri_url — the namespace base joined to the local name — so you get a complete, clickable web address that resolves to the published concept without expanding the prefix yourself. The live crosswalk below renders each one as a direct link.

Live domain crosswalk

Pick a framework to load its committed crosswalk and see every tag mapped to its standard concept, with the full resolvable address:

Framework:

SWP-Bus: Agent-to-Agent Mesh

The SWP-Bus is a lightweight neurosymbolic message bus built directly on top of the proof chain. Every published envelope is hashed, chained to its predecessor, and durably stored — so a stream of agent messages doubles as a tamper-evident audit log. Topics support fan-out subscriptions with HMAC-signed delivery; mesh sessions support 1:1 agent pairs over a shared, hash-chained transcript.

Requires Pro: All /api/v1/bus/* endpoints require an active Pro subscription (founder keys bypass). Each key is limited to 120 bus operations per minute. Authenticate every request with Authorization: Bearer <your_api_key>.

Endpoint Catalog (17)

Topics & Subscriptions

POST   /api/v1/bus/topics                          # create topic
GET    /api/v1/bus/topics                          # list your topics
DELETE /api/v1/bus/topics/<name>                   # soft-delete a topic
POST   /api/v1/bus/topics/<name>/publish           # publish an SWP envelope
POST   /api/v1/bus/topics/<name>/subscribe         # subscribe (returns secret ONCE)
DELETE /api/v1/bus/subscriptions/<sub_id>          # revoke a subscription
GET    /api/v1/bus/topics/<name>/messages          # pull (with optional long-poll)
GET    /api/v1/bus/topics/<name>/stream            # SSE stream
GET    /api/v1/bus/topics/<name>/ws                # WebSocket stream
POST   /api/v1/bus/topics/<name>/replay            # replay by offset or proof_hash

Mesh Sessions (1:1 agent pairs)

POST   /api/v1/bus/sessions                              # create + return invite_token
POST   /api/v1/bus/sessions/accept                       # accept invite_token (peer)
GET    /api/v1/bus/sessions/<session_id>                 # status + offsets
POST   /api/v1/bus/sessions/<session_id>/publish         # publish into the session
GET    /api/v1/bus/sessions/<session_id>/messages        # pull session transcript
GET    /api/v1/bus/sessions/<session_id>/cross-references # proof-chain xrefs
POST   /api/v1/bus/sessions/<session_id>/close           # close the session

Dead Letter Queue

GET    /api/v1/bus/dlq                            # list failed push deliveries
POST   /api/v1/bus/dlq/<dlq_id>/resolve            # mark a DLQ entry resolved

Topic Lifecycle

Create a topic, subscribe, publish envelopes, then pull or long-poll. Each published envelope is appended to the proof chain (proof_hash + prev_proof_hash), so consumers can verify continuity offline.

# 1. Create a topic on one of your keys
curl -X POST https://ideaphase.app/api/v1/bus/topics \
  -H "Authorization: Bearer $SWP_KEY" -H "Content-Type: application/json" \
  -d '{"name": "orders.created", "visibility": "private", "retention_messages": 10000}'

# 2. Subscribe (response contains "secret" exactly once -- store it!)
#    If $CONSUMER_KEY != $SWP_KEY (cross-key subscribe), the topic above must
#    have been created with visibility="shared" -- private topics return 404
#    to any key other than the owner (presence-oracle hardening). Add
#    "owner_key_prefix": "" to the JSON body
#    so the server can locate the topic under the owner's key namespace.
curl -X POST https://ideaphase.app/api/v1/bus/topics/orders.created/subscribe \
  -H "Authorization: Bearer $CONSUMER_KEY" -H "Content-Type: application/json" \
  -d '{"delivery_mode": "pull", "filter_phase": "phase:execute"}'

# 3. Publish an SWP envelope (e.g. from /api/v1/encode output)
curl -X POST https://ideaphase.app/api/v1/bus/topics/orders.created/publish \
  -H "Authorization: Bearer $SWP_KEY" -H "Content-Type: application/json" \
  -d '{"envelope": {"tags": {"phase": "phase:execute", "weight": 8}, "payload": "..."}}'

# 4. Long-poll for new messages. wait_seconds is a cap, not an exact timer:
#    the server returns as soon as a message arrives, or shortly after the
#    cap elapses (plus a small amount of scan/serialization overhead).
curl "https://ideaphase.app/api/v1/bus/topics/orders.created/messages?from_offset=0&wait_seconds=25" \
  -H "Authorization: Bearer $CONSUMER_KEY"

HMAC Verification Recipe

Messages delivered to a subscriber (pull or push) are signed with that subscription's plaintext secret and carry a non-null hmac_sha256 field. The signature covers the canonical JSON encoding of the message's envelope (sorted keys, compact separators). The plaintext secret is returned once at subscribe time — store it securely; the server only keeps a hash.

Messages pulled by the topic owner (or pulled from a mesh session) arrive with hmac_sha256: null and signed: false — those calls are already authenticated by the caller's own API key, so there is no shared secret to sign with. Every pull response also carries a top-level signed boolean so you can branch once per batch rather than per message.

Use two distinct API keys in these examples. If the same key is both the topic owner and the subscriber, every pull takes the owner-pull branch — the response will come back with signed: false and hmac_sha256: null regardless of whether you also have a subscription, because the API key itself already authenticates the call and there is no need for a separate HMAC. The owner_key_prefix below refers to the topic owner's key prefix; the bearer token on the request must be the subscriber's key.

Python (using the SDK)

from ideaphase import IdeaPhase, BusUnsignedMessageError

# Subscriber client -- bearer token is the SUBSCRIBER's key, not the owner's.
client = IdeaPhase(api_key="swp_subscriber_key")
OWNER_PREFIX = "swp_owner_prefix"  # first 12 chars of the topic owner's API key

# Subscribe once and keep the secret in your secrets manager.
# Cross-key subscribe requires the topic to have been created with visibility="shared".
sub = client.bus.subscribe("orders.created", owner_key_prefix=OWNER_PREFIX)
secret = sub["secret"]  # shown only once

# Pull and verify each delivered message
batch = client.bus.pull("orders.created", from_offset=0, limit=100,
                        owner_key_prefix=OWNER_PREFIX)
assert batch["signed"], "subscriber pull should always be signed"
for msg in batch["messages"]:
    if not client.bus.verify_message(secret, msg):
        raise RuntimeError(f"HMAC mismatch at offset {msg['offset']}")
    handle(msg["envelope"])

# If you pull as the topic owner instead, opt in to allow_unsigned:
# own = client.bus.pull("orders.created", from_offset=0)  # no owner_key_prefix
# for msg in own["messages"]:
#     client.bus.verify_message("", msg, allow_unsigned=True)

JavaScript / TypeScript (using the SDK)

import { IdeaPhase, verifyMessage, BusUnsignedMessageError } from "ideaphase";

// Subscriber client -- bearer token is the SUBSCRIBER's key, not the owner's.
const client = new IdeaPhase({ apiKey: "swp_subscriber_key" });
const OWNER_PREFIX = "swp_owner_prefix"; // first 12 chars of the topic owner's API key

// Subscribe once and keep the secret in your secrets manager.
// Cross-key subscribe requires the topic to have been created with visibility: "shared".
const sub = await client.bus.subscribe("orders.created",
  { ownerKeyPrefix: OWNER_PREFIX });
const secret = sub.secret!; // shown only once

// Pull and verify each delivered message
const batch = await client.bus.pull("orders.created",
  { fromOffset: 0, ownerKeyPrefix: OWNER_PREFIX });
if (!batch.signed) throw new Error("subscriber pull should always be signed");
for (const msg of batch.messages) {
  if (!verifyMessage(secret, msg)) {
    throw new Error(`HMAC mismatch at offset ${msg.offset}`);
  }
  await handle(msg.envelope);
}

// If you pull as the topic owner instead, opt in to allowUnsigned:
// const own = await client.bus.pull("orders.created", { fromOffset: 0 });
// for (const msg of own.messages) {
//   verifyMessage("", msg, { allowUnsigned: true });
// }
// Without { allowUnsigned: true }, verifyMessage throws BusUnsignedMessageError.

Verify in any language (canonical JSON)

# Subscriber pull / push: message["signed"] == true, hmac_sha256 is set.
# Pseudocode -- equivalent to json.dumps(envelope, sort_keys=True, separators=(',',':'))
if message["signed"]:
    canonical = canonical_json(message["envelope"])
    expected  = hmac_sha256(secret, canonical).hex()
    assert constant_time_eq(expected, message["hmac_sha256"])
# Owner pull / session pull: message["signed"] == false, hmac_sha256 is null.
# The transport-level API key is the authentication; no HMAC to verify.

Push delivery: If you set delivery_mode: "push" with a push_url, the server POSTs each envelope to your URL with header X-SWP-Bus-Signature: sha256=<hex>. The signature scheme is identical to the pull case — verify against the canonical JSON of the request body's envelope field.

Mesh Sessions

Mesh sessions are 1:1 channels for direct agent-to-agent conversation. Either side can publish; both pull from the same hash-chained transcript. Use sessions when two agents need to negotiate, hand off context, or co-author work without a public topic.

# Agent A: initiate
session = client.bus.create_session(metadata={"purpose": "triage"})
invite = session["invite_token"]   # share this with the peer (one-time use)
sid = session["session_id"]

# Agent B: accept
peer.bus.accept_session(invite)

# Either side publishes; both pull
client.bus.publish_to_session(sid, envelope={"tags": {"phase": "phase:plan"}, "payload": "..."})
transcript = peer.bus.pull_session_messages(sid, from_offset=0)

# Cross-reference the session against the global proof chain
xrefs = client.bus.session_cross_references(sid)

# Close when done (idempotent)
client.bus.close_session(sid)

Cross-references link each session message's proof_hash to the corresponding entry in the global proof chain, so a mesh transcript remains independently verifiable after the session closes.

Replay & DLQ

Replay lets you re-read a slice of a topic — by offset range or by proof_hash with surrounding context — useful for debugging, audit, and disaster recovery. Push subscriptions that fail after retries land in the DLQ; you can inspect failures from the Pro Dashboard or via the API.

# Replay 50 messages starting from offset 1000
curl -X POST https://ideaphase.app/api/v1/bus/topics/orders.created/replay \
  -H "Authorization: Bearer $SWP_KEY" -H "Content-Type: application/json" \
  -d '{"from_offset": 1000, "limit": 50}'

# Replay around a specific proof hash (5 messages before/after)
curl -X POST https://ideaphase.app/api/v1/bus/topics/orders.created/replay \
  -H "Authorization: Bearer $SWP_KEY" -H "Content-Type: application/json" \
  -d '{"proof_hash": "abc123...", "context": 5}'

# List + resolve DLQ entries (failed push deliveries)
curl https://ideaphase.app/api/v1/bus/dlq -H "Authorization: Bearer $CONSUMER_KEY"
curl -X POST https://ideaphase.app/api/v1/bus/dlq/42/resolve \
  -H "Authorization: Bearer $CONSUMER_KEY"

Dashboard & Status

The Pro Dashboard's SWP Bus tab gives you a live view of your topics, subscriptions, recent messages, mesh sessions, and DLQ entries, with one-click controls for create, delete, replay, and resolve. The public Status Page includes a SWP Bus component sourced from GET /api/health, so you can verify bus availability without an API key.

Response Codes & Presence-Oracle Policy

The bus endpoints use a deliberately uniform set of error codes so that an unauthorized caller cannot tell the difference between an object that does not exist and an object that exists but belongs to another tenant. This is a security guarantee — please code your clients against it.

Status	Meaning	When it fires
`200`	OK	Successful read/publish/pull/replay.
`201`	Created	Topic / subscription / session created.
`400`	Bad request	Malformed JSON body, invalid field, missing required field.
`401`	Unauthorized	Missing or invalid `Authorization: Bearer <key>` header.
`403`	Forbidden	Key authenticates but the action requires a higher plan (Pro-gated feature).
`404`	Not found	Collapsed: the topic / subscription / session / DLQ row either does not exist or belongs to a different tenant. The response body is byte-identical in both cases — do not parse it for presence signals.
`409`	Conflict	Session already accepted, topic name already in use, etc.
`410`	Gone	Session was closed by either peer.
`429`	Rate limited	Per-key rate limit exceeded.

What changed (May 2026): Topic, session, stream (SSE/WS), and the Pro-Dashboard bus-mirror routes (/api/dashboard/bus/*) all return a uniform 404 when the referenced ID is missing or owned by another tenant. Previously some routes returned 403 when the row existed but was owned elsewhere — which leaked existence. Numeric IDs and topic names are not authorization tokens; expect 404 on probing.

Getting Started

The IdeaPhase SWP Encoding API lets you programmatically encode documents with Symbol Word Protocol tags. Every request returns structured, AI-readable output with prompt templates, LoRA fine-tuning guidance, and a cryptographic proof chain for verifiable document lineage.

Base URL

https://ideaphase.app

Quick Access: You can reach this documentation at either /swp-docs or /docs (which redirects here). For a machine-readable catalog of all available endpoints, see GET /api/v1/discovery.

Prerequisites

Active Pro Subscription — Sign up at ideaphase.app and upgrade to Pro ($29.99/month)
API Key — Create one from the API Key Management section on the home page, or use the /api/v1/key/create endpoint

Important: Your full API key is shown only once at creation. Store it securely — IdeaPhase stores only a SHA-256 hash and cannot recover your key.

Quick Start (cURL)

# Encode a document with SWP tags
curl -X POST https://ideaphase.app/api/v1/encode \
  -H "Authorization: Bearer swp_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Our AI assistant must respond within 200ms and fall back to cached responses if the primary model is unavailable.",
    "framework": "general"
  }'

Authentication

All API requests require a Bearer token in the Authorization header. Your API key starts with swp_ followed by a unique token.

Header Format

Authorization: Bearer swp_your_api_key_here

Authentication Errors

// Missing or malformed header
{
  "error": "Missing or invalid Authorization header. Use: Bearer <your_api_key>"
}

// Invalid key
{
  "error": "Invalid API key"
}

// Rolling 12h window limit exceeded
{
  "error": "Rate limit exceeded for this window",
  "limit": 350,
  "window": "rolling-12h"
}

Encode Endpoint

The core endpoint that transforms raw text into SWP-tagged, AI-readable output.

`POST /api/v1/encode`

Request Body (JSON)

Field	Type	Required	Description
`text`	string	Yes	The raw text content to encode (1–50,000 characters)
`framework`	string	No	Domain framework: `general` (default), `healthcare`, `robotics`, `legal`, `education`, `finance`, `agent_workflow`
`include_extended_tags`	boolean	No	Include optional extended tags (default: `true`)

Example Request

curl -X POST https://ideaphase.app/api/v1/encode \
  -H "Authorization: Bearer swp_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "text": "The patient presents with elevated troponin levels indicating possible myocardial infarction. Immediate cardiac catheterization is recommended per ACC/AHA guidelines.",
    "framework": "healthcare",
    "include_extended_tags": true
  }'

Example Response (200 OK)

{
  "swp_version": "1.0",
  "encoding_id": "a3f8b2c1e9d04712",
  "tagged_document": {
    "full_text": "@phase: Execution\n@weight: 0.92\n@symbolic_id: SWP-EXE-001\n@swp_sum: Clinical assessment...\n@sector: Healthcare\n@regulatory_standards: HIPAA, HITECH\n@compliance_posture: Active\n@data_sensitivity: PHI\n@audit_trail: Required\n@data_minimization: Applied\n@operational_principles: Patient Safety First\n\nThe patient presents with...",
    "core_tags": {
      "phase": "Execution",
      "weight": 0.92,
      "symbolic_id": "SWP-EXE-001",
      "swp_sum": "Clinical assessment with cardiac emergency protocol..."
    },
    "extended_tags": {
      "priority": "critical",
      "confidence": "high",
      "source_type": "clinical_note"
    },
    "domain_tags": {
      "sector": "Healthcare",
      "regulatory_standards": "HIPAA, HITECH",
      "compliance_posture": "Active",
      "data_sensitivity": "PHI",
      "audit_trail": "Required",
      "data_minimization": "Applied",
      "operational_principles": "Patient Safety First"
    }
  },
  "prompt_template": "You are processing an SWP-tagged document. Read the @phase and @weight tags first to understand priority and classification. The @symbolic_id provides a unique reference. Process the content according to the indicated phase and regulatory framework...",
  "lora_guidance": {
    "task_type": "classification_and_tagging",
    "recommended_base_model": "llama-3-8b or mistral-7b",
    "training_format": "instruction_following",
    "suggested_hyperparameters": { ... }
  },
  "proof": {
    "document_id": "d4e5f6a7-b8c9-1234-5678-9abcdef01234",
    "proof_hash": "a1b2c3d4e5f6...64-char-sha256-hex...",
    "chain_position": 7,
    "previous_proof_hash": "f9e8d7c6b5a4...previous-sha256-hex...",
    "timestamp": "2026-02-16T14:32:01+00:00",
    "receipt_url": "/api/v1/proof/d4e5f6a7-b8c9-1234-5678-9abcdef01234"
  },
  "metadata": {
    "processing_time_ms": 12.45,
    "tag_count": 14,
    "framework": "healthcare",
    "input_length": 198,
    "word_count": 24,
    "input_hash": "c7d8e9f0a1b2...64-char-sha256-hex...",
    "encoded_at": "2026-02-16T14:32:01+00:00"
  }
}

Response Fields Explained

Field	Description
`swp_version`	Protocol version used for encoding
`encoding_id`	Unique identifier for this encoding operation
`tagged_document.full_text`	Complete tagged document with SWP headers prepended to your content
`tagged_document.core_tags`	The four required SWP tags: phase, weight, symbolic_id, swp_sum
`tagged_document.extended_tags`	Optional tags like priority, confidence, source_type (null if disabled)
`tagged_document.domain_tags`	Framework-specific metadata tags (null if using general framework)
`prompt_template`	Ready-to-use system prompt instructing LLMs how to interpret the tags
`lora_guidance`	Recommended settings for fine-tuning models on SWP-tagged data
`proof`	Cryptographic proof chain entry (see Proof Chain section below)
`metadata`	Processing statistics: timing, tag count, framework used

Domain Frameworks

Pass a framework parameter to apply industry-specific metadata tags. Each framework adds regulatory and sector tags alongside the core SWP tags.

Framework ID	Sector	Key Metadata Tags
`general`	Any	Core SWP tags only (default)
`healthcare`	Healthcare & Clinical	HIPAA, HITECH, PHI sensitivity, audit trail
`robotics`	Robotics & Autonomous	ISO 13482, IEC 61508, fail-safe protocols
`legal`	Legal Technology	GDPR, CCPA, document integrity, audit trail
`education`	Education Technology	FERPA, COPPA, accessibility, content standards
`finance`	Financial Services	SOX, FINRA, Basel III, PCI-DSS, risk classification
`agent_workflow`	AI-Agent Workflows	Agent roles, task sequences, handoff triggers, fallback protocols

Example: Encoding with Finance Framework

curl -X POST https://ideaphase.app/api/v1/encode \
  -H "Authorization: Bearer swp_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Q3 portfolio rebalancing required. Client exposure to emerging markets exceeds 15% allocation target. Recommend gradual reduction over 30-day window to minimize market impact.",
    "framework": "finance"
  }'

// The domain_tags in the response will include:
"domain_tags": {
  "sector": "Financial Services",
  "regulatory_standards": "SOX, FINRA, Basel III, PCI-DSS",
  "compliance_posture": "Active",
  "data_sensitivity": "Confidential",
  "audit_trail": "Required",
  "risk_classification": "Medium",
  "operational_principles": "Fiduciary Duty, Regulatory Compliance"
}

API Key Management

Pro subscribers can create up to 5 API keys. Keys are prefixed with swp_ and stored as SHA-256 hashes — the full key is shown only at creation.

`POST /api/v1/key/create`

Create a new API key. Requires an active Pro session (cookie-based auth from the web app).

Request Body

Field	Type	Required	Description
`label`	string	No	Friendly name for the key (default: "API Key")

Example Response (201 Created)

{
  "api_key": "swp_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
  "key_id": 42,
  "prefix": "swp_a1b2",
  "label": "Production Key",
  "created_at": "2026-02-16T14:00:00+00:00",
  "rate_limit_per_minute": 30,
  "daily_limit": 350,
  "note": "Store this key securely. It cannot be retrieved again."
}

`GET /api/v1/key/list`

List all your API keys with usage statistics. Requires an active session.

Example Response (200 OK)

{
  "keys": [
    {
      "id": 42,
      "prefix": "swp_a1b2",
      "label": "Production Key",
      "is_active": true,
      "requests_today": 23,  // resets every 12 hours from window start
      "requests_total": 1547,
      "daily_limit": 350,
      "rate_limit_per_minute": 30,
      "last_used_at": "2026-02-16T13:45:22+00:00",
      "created_at": "2026-01-15T09:00:00+00:00"
    }
  ]
}

`POST /api/v1/key/revoke`

Permanently deactivate a compromised or unused key. Requires an active session.

Request Body

{
  "key_id": 42
}

Example Response (200 OK)

{
  "prefix": "swp_a1b2",
  "revoked": true
}

`POST /api/v1/key/rotate`

Atomically revoke an old key and create a new one. Requires an active Pro session.

Request Body

{
  "key_id": 42,
  "label": "Rotated Production Key"
}

Example Response (200 OK)

{
  "api_key": "swp_x9y8z7w6v5u4t3s2r1q0...",
  "key_id": 43,
  "prefix": "swp_x9y8",
  "label": "Rotated Production Key",
  "old_prefix": "swp_a1b2",
  "created_at": "2026-02-16T15:00:00+00:00",
  "note": "Old key has been revoked. Store the new key securely."
}

Proof Chain & Document Verification

Every document encoded through the API generates a SHA-256 cryptographic proof that chains to the previous proof for your API key. This creates a verifiable, tamper-proof record of every document you have encoded — without storing any raw content.

Privacy by Design: IdeaPhase stores only SHA-256 hashes of your input and output — never the actual document content. This makes the proof chain GDPR and HIPAA compliant while still providing strong evidence of document existence and processing time.

How the Proof Chain Works

You send a document to /api/v1/encode
IdeaPhase generates SHA-256 hashes of both the input and output
A combined proof_hash is created from input_hash + output_hash + timestamp
This proof is linked to your previous proof via previous_proof_hash, forming a chain
The response includes a proof object with the document_id, proof_hash, and chain position

Proof Object (included in every encode response)

"proof": {
  "document_id": "d4e5f6a7-b8c9-1234-5678-9abcdef01234",   // UUID for this document
  "proof_hash": "a1b2c3d4e5f6...",                         // 64-char SHA-256 hex
  "chain_position": 7,                                       // Position in your proof chain
  "previous_proof_hash": "f9e8d7c6b5a4...",                  // Link to previous proof (null if first)
  "timestamp": "2026-02-16T14:32:01+00:00",                  // UTC processing time
  "receipt_url": "/api/v1/proof/d4e5f6a7-b8c9-..."           // Download full receipt
}

`GET /api/v1/proof/{document_id}` AUTH

Download a full proof receipt for a specific document. Requires the API key that created the proof.

Example Request

curl -H "Authorization: Bearer swp_abc123..." \
  https://ideaphase.app/api/v1/proof/d4e5f6a7-b8c9-1234-5678-9abcdef01234

Example Response (200 OK)

{
  "receipt_type": "IdeaPhase API Encoding Proof",
  "version": "1.0",
  "generated_at": "2026-02-16T14:35:00+00:00",
  "document": {
    "document_id": "d4e5f6a7-b8c9-1234-5678-9abcdef01234",
    "proof_hash": "a1b2c3d4e5f6...",
    "input_hash": "e7f8a9b0c1d2...",
    "output_hash": "3c4d5e6f7a8b...",
    "processing_timestamp": "2026-02-16T14:32:01+00:00",
    "processing_type": "api_encode",
    "tier": "pro"
  },
  "chain": {
    "previous_proof_hash": "f9e8d7c6b5a4...",
    "chain_position": 7,
    "api_key_prefix": "swp_a1b2"
  },
  "framework": "healthcare",
  "verification": {
    "algorithm": "SHA-256",
    "encoding": "UTF-8",
    "normalization": "CRLF -> LF",
    "verify_url": "https://ideaphase.app/api/v1/proof/verify/a1b2c3d4e5f6...",
    "chain_verify_url": "https://ideaphase.app/api/v1/proof/chain/swp_a1b2/verify"
  },
  "legal_notice": "This receipt provides cryptographic proof that the specified document was encoded through the IdeaPhase Symbol Word Protocol API at the indicated timestamp..."
}

`GET /api/v1/proof/verify/{proof_hash}` PUBLIC

Verify that a proof exists and is valid. No authentication required — anyone can verify a proof hash.

Example Request

curl https://ideaphase.app/api/v1/proof/verify/a1b2c3d4e5f678901234567890abcdef1234567890abcdef1234567890abcdef

Example Response (200 OK)

{
  "verified": true,
  "message": "Proof verified successfully",
  "document_id": "d4e5f6a7-b8c9-1234-5678-9abcdef01234",
  "created_at": "2026-02-16T14:32:01+00:00",
  "processing_type": "api_encode",
  "chain": {
    "has_chain": true,
    "chain_position": 7,
    "previous_proof_hash": "f9e8d7c6b5a4..."
  }
}

`GET /api/v1/proof/chain/{key_prefix}/verify` PUBLIC

Verify the integrity of an entire proof chain for a given API key prefix. Detects broken links and tampered hashes.

Example Request

curl https://ideaphase.app/api/v1/proof/chain/swp_a1b2/verify

Example Response (200 OK)

{
  "valid": true,
  "chain_length": 7,
  "first_proof": "b0a1c2d3e4f5...",
  "last_proof": "a1b2c3d4e5f6...",
  "first_timestamp": "2026-01-15T09:12:00+00:00",
  "last_timestamp": "2026-02-16T14:32:01+00:00",
  "errors": []
}

Use Case: Share the verify URL with clients, auditors, or legal teams as independent proof that a document was encoded at a specific time. The public verification endpoint requires no login — anyone with the proof hash can verify it.

Webhook Notifications

Pro users can register webhook URLs to receive real-time HTTP callbacks when events occur. Payloads are HMAC-signed with a per-webhook secret for tamper-proof verification.

Supported Events

proof.created

Fired when a document is encoded and a new proof is generated

chain.verified

Fired when a proof chain integrity check completes

proof.shared

Fired when a proof is shared via a share token

proof.cross_referenced

Fired when proofs from different agents are cross-referenced

`POST /api/v1/webhooks` AUTH

Request Body

{
  "url": "https://your-app.com/webhooks/swp",
  "events": ["proof.created", "chain.verified"]
}

Response (201 Created)

{
  "id": 1,
  "url": "https://your-app.com/webhooks/swp",
  "events": ["proof.created", "chain.verified"],
  "secret": "whsec_a1b2c3d4e5f6...",
  "is_active": true,
  "note": "Store the secret securely. Use it to verify webhook signatures."
}

`GET /api/v1/webhooks` AUTH

List all registered webhooks for your account. Each entry includes created_at and updated_at timestamps so you can see when the configuration was last changed.

Response (200 OK)

{
  "webhooks": [
    {
      "id": 1,
      "url": "https://your-app.com/webhooks/swp",
      "events": ["proof.created", "chain.verified"],
      "is_active": true,
      "created_at": "2026-03-01T14:32:01",
      "updated_at": "2026-05-27T09:14:22"
    }
  ]
}

`PATCH /api/v1/webhooks/{id}` AUTH

Update a webhook's url, events, and/or is_active flag in place without rotating its signing secret. Provide at least one of the three fields. The new URL is re-validated against the same SSRF rules as registration; events are validated against the supported event list. Setting is_active to false pauses delivery (the row and secret are preserved); setting it back to true resumes delivery. On success, updated_at is bumped automatically.

Quota note: Reactivating a paused webhook counts against your active-webhook quota. If you are already at the limit, a PATCH that sets is_active: true on a currently paused row is rejected with 400 (same error message as registration). Pause or delete an active row first, then reactivate.

Response Codes

Status	When it fires
`200`	Update applied.
`400`	Invalid URL, unknown event name, empty events list, non-boolean `is_active`, or active-webhook quota would be exceeded by reactivation.
`401`	Missing or invalid bearer token.
`404`	Collapsed: the webhook either does not exist or belongs to another tenant. Body is byte-identical in both cases.

Request Body

{
  "url": "https://your-app.com/webhooks/swp-v2",
  "events": ["proof.created", "webhook.delivered"],
  "is_active": false
}

Response (200 OK)

{
  "id": 1,
  "url": "https://your-app.com/webhooks/swp-v2",
  "events": ["proof.created", "webhook.delivered"],
  "is_active": true,
  "created_at": "2026-03-01T14:32:01",
  "updated_at": "2026-05-27T09:14:22"
}

`DELETE /api/v1/webhooks/{id}` AUTH

Remove a webhook by ID.

Webhook Payload Format

Each webhook delivery includes an HMAC-SHA256 signature in the X-IdeaPhase-Signature header, formatted as sha256=<hex>. The event name is also sent in the X-IdeaPhase-Event header. Verify the signature using your webhook secret:

// Example payload for proof.created event
{
  "event": "proof.created",
  "timestamp": "2026-03-01T14:32:01Z",
  "data": {
    "proof_hash": "a1b2c3d4e5f6...",
    "document_id": "d4e5f6a7-b8c9-...",
    "chain_position": 7,
    "framework": "healthcare"
  }
}

Verifying Webhook Signatures (Python)

import hmac, hashlib

def verify_webhook(payload_body, signature_header, webhook_secret):
    # signature_header is the X-IdeaPhase-Signature value: "sha256=<hex>"
    received = signature_header.split("=", 1)[-1]
    expected = hmac.new(
        webhook_secret.encode("utf-8"),
        payload_body,
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, received)

Retry Policy: Each webhook delivery is attempted up to 3 times. After a failed attempt the server waits with exponential backoff (2s, then 4s) before retrying; after 3 failed attempts the delivery is abandoned. Ensure your endpoint returns a 2xx status code to acknowledge receipt.

Agent-to-Agent Proof Sharing

Enable cross-platform proof verification between different API keys. Agents can share proof receipts via time-limited tokens and create cross-reference links for multi-agent verification chains.

Sharing Workflow

Agent A encodes a document and gets a proof hash
Agent A calls /api/v1/proof/share to generate a shareable token
Agent A sends the share token to Agent B (via API, message queue, etc.)
Agent B calls /api/v1/proof/shared/{token} to verify the proof (public, no auth needed)
Agent B optionally calls /api/v1/proof/cross-reference to link their own proof to Agent A's proof

`POST /api/v1/proof/share` AUTH

Generate a time-limited, HMAC-signed share token for a specific proof.

Request Body

Field	Type	Required	Description
`document_id`	string	Yes	UUID of the document whose proof you want to share
`expires_in`	integer	No	Token expiration in seconds (default: 604800 = 7 days)

Response (200 OK)

{
  "share_token": "eyJkYXRhIjoi...",
  "expires_at": "2026-03-08T14:32:01+00:00",
  "proof_hash": "a1b2c3d4e5f6...",
  "verification_url": "https://ideaphase.app/api/v1/proof/shared/eyJkYXRhIjoi..."
}

`GET /api/v1/proof/shared/{share_token}` PUBLIC

Verify a shared proof using its token. No authentication required — anyone with the token can verify the proof. Only hashes and metadata are returned, never the original content.

Response (200 OK)

{
  "valid": true,
  "proof_hash": "a1b2c3d4e5f6...",
  "document_id": "d4e5f6a7-b8c9-...",
  "chain_position": 7,
  "input_hash": "e7f8a9b0c1d2...",
  "output_hash": "3c4d5e6f7a8b...",
  "framework": "healthcare",
  "timestamp": "2026-02-16T14:32:01+00:00",
  "shared_by": "swp_a1b2"
}

`POST /api/v1/proof/cross-reference` AUTH

Create a cross-reference link between your proof and a shared proof from another agent. This creates a verifiable connection between proofs across different API keys.

Request Body

{
  "source_proof_hash": "your_proof_hash_here...",
  "target_share_token": "eyJkYXRhIjoi..."
}

Response (200 OK)

{
  "cross_reference_id": 1,
  "source_proof_hash": "your_proof_hash...",
  "target_proof_hash": "their_proof_hash...",
  "target_key_prefix": "swp_x9y8",
  "created_at": "2026-03-01T15:00:00+00:00"
}

`GET /api/v1/proof/cross-references/{proof_hash}` AUTH

List all cross-references linked to a specific proof (both directions). You must own the proof — either as the original encoder (a row in your document_proofs) or as the source of an existing outbound cross-reference. Otherwise the endpoint returns a uniform 404.

Response Codes

Status	When it fires
`200`	You own the proof. Returns `proof_hash`, `cross_references[]` (outgoing + incoming if you own the target), and `total`.
`400`	Invalid `proof_hash` format (must be 64-char SHA-256 hex).
`401`	Missing or invalid bearer token.
`404`	Collapsed: the proof either does not exist or exists but belongs to another tenant. The response body is byte-identical in both cases — proof hashes are not authorization tokens.

Multi-Agent Use Case: In a pipeline where multiple AI agents process different stages of a document (e.g., Agent A does intake, Agent B does analysis, Agent C does compliance review), each agent creates its own proof. Cross-references link these proofs into a verifiable end-to-end audit trail across all agents.

V2 API Endpoints

The V2 API provides an enhanced response format with request IDs, rate limit headers, and structured error codes. V1 remains the stable, backward-compatible version and is not deprecated.

Version Strategy: V1 endpoints are locked and will continue to work indefinitely. V2 adds enhancements without breaking V1 consumers. You can also use V2 response format on V1 endpoints by sending the Accept-Version: v2 header.

V2 Response Enhancements

api_version

Response includes "api_version": "v2" field

request_id

Unique request identifier for tracing and support

X-RateLimit-Remaining

Response header showing remaining requests in current window

X-RateLimit-Reset

Response header indicating when the limit resets. Encode endpoints emit rolling-12h (window resets 12h after first request in window); other endpoints emit a UTC timestamp.

Structured Errors

Error responses include code and message fields inside an error object

`POST /api/v2/encode` AUTH

Same input as V1. Enhanced response with version metadata and rate limit info.

Request

curl -X POST https://ideaphase.app/api/v2/encode \
  -H "Authorization: Bearer swp_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"text": "Your document text here.", "framework": "general"}'

Response Headers

X-API-Version: 2.0
X-RateLimit-Remaining: 87
X-RateLimit-Reset: 2026-03-01T15:00:00Z

Response Body (200 OK)

{
  "api_version": "v2",
  "request_id": "req_a1b2c3d4e5f6",
  "swp_version": "1.0",
  "encoding_id": "f7e8d9c0b1a2",
  "tagged_document": { ... },
  "prompt_template": "...",
  "lora_guidance": { ... },
  "metadata": { ... },
  "proof": { ... }
}

`POST /api/v2/encode/batch` AUTH

Same input as V1 batch. Enhanced response format with V2 metadata.

`GET /api/v2/proof/verify/{proof_hash}` PUBLIC

Verify a proof with V2 structured response format.

V2 Error Response Format

// V2 errors use structured codes
{
  "api_version": "v2",
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded (350 per rolling 12h window)"
  }
}

// Other error codes: INVALID_AUTH, SUBSCRIPTION_REQUIRED,
// MISSING_TEXT, INVALID_FRAMEWORK, TEXT_TOO_LONG, INVALID_FORMAT

Version Negotiation on V1 Endpoints

If you want V2 response format but want to keep using V1 URLs, add the Accept-Version: v2 header:

curl -X POST https://ideaphase.app/api/v1/encode \
  -H "Authorization: Bearer swp_abc123..." \
  -H "Accept-Version: v2" \
  -H "Content-Type: application/json" \
  -d '{"text": "Your text here.", "framework": "general"}'

// Response will include api_version: "v2" fields
// and X-RateLimit-* headers

Migration Path: Start with V1 for stability. When you need rate limit headers or request IDs for debugging, switch to V2 endpoints or add the Accept-Version: v2 header. Both versions use the same API keys and authentication.

Rate Limits & Quotas

API access is rate-limited to ensure fair usage across all clients.

Limit Type	Pro Keys	Founder Keys
Requests per minute	30	60
Requests per rolling 12h window	350	1,000
Max keys per account	5	Unlimited
Max input text length	50,000 characters
Max batch items per request	20

Rate Limit Response (429)

{
  "error": "Rate limit exceeded for this window",
  "limit": 350,
  "window": "rolling-12h"
}

V2 Rate Limit Headers

V2 endpoints (and V1 endpoints with Accept-Version: v2) include rate limit information in the response headers:

X-RateLimit-Remaining: 87      // Requests left in current window
X-RateLimit-Reset: rolling-12h           // Encode endpoints: window resets 12h after first request

Use these headers to implement client-side throttling and avoid hitting 429 errors.

Need higher limits? Contact ideaphase.needs@gmail.com to discuss enterprise plans with custom rate limits and SLA guarantees.

Error Reference

All errors return JSON with an error field. Common HTTP status codes:

Status	Meaning	Common Causes
`400`	Bad Request	Missing `text` field, invalid framework name, text too long
`401`	Unauthorized	Missing/invalid API key, expired key
`403`	Forbidden	No active Pro subscription, key revoked
`404`	Not Found	Invalid document_id or proof_hash
`429`	Rate Limited	Exceeded per-minute or rolling 12h request quota
`500`	Server Error	Internal processing error (contact support)

Example Error Responses

// 400 - Missing text
{ "error": "Missing 'text' field in request body" }

// 401 - Bad auth
{ "error": "Missing or invalid Authorization header. Use: Bearer <your_api_key>" }

// 403 - No subscription
{
  "error": "Active Pro subscription required to create API keys",
  "upgrade_url": "/subscribe"
}

// 404 - Proof not found
{ "verified": false, "message": "No proof found with this hash" }

Security & Metadata

Key Security

SHA-256 Hashed Storage: API keys are hashed before storage. IdeaPhase cannot recover your key — store it securely at creation.
Key Prefix Identification: Each key has a visible prefix (e.g., swp_a1b2) for identification without exposing the full key.
Instant Revocation: Compromised keys can be revoked immediately via the web UI or API.
Key Rotation: Atomically replace a key without downtime — old key is revoked and new one is issued in a single operation.

Data Privacy

No Content Storage: Your document content is processed in memory and never persisted to the database.
Hash-Only Proofs: The proof chain stores only SHA-256 hashes (input_hash, output_hash, proof_hash) — never raw content.
GDPR/HIPAA Compliant: Hash-only architecture means no personally identifiable information or protected health information is stored.
HTTPS Only: All API traffic is encrypted in transit via TLS.

Audit Trail

Full Request Logging: Every API request is logged with timestamp, key prefix, endpoint, status code, and processing time.
Proof Chain Integrity: Tamper detection via chained SHA-256 hashes — any modification breaks the chain and is detectable.
Usage Tracking: Per-key daily and total request counts for monitoring and accountability.

Server-Side Only: The Symbol Word Protocol classification algorithm runs entirely server-side. API consumers receive encoded output only — the tagging logic is never exposed.

Health & Discovery

Public endpoints for monitoring system health and discovering available API endpoints. No authentication required.

`GET /api/health`

Returns real-time system health with per-component status. Use this for uptime monitoring, load balancer health checks, or integration readiness verification. Returns HTTP 200 when healthy or degraded, HTTP 503 when unhealthy.

Authentication: None — Rate Limit: 30 requests/minute

Example Request

curl https://ideaphase.app/api/health

Example Response (200 OK)

{
  "status": "healthy",
  "components": {
    "api_server": { "status": "up", "response_time_ms": 1 },
    "database": { "status": "up", "response_time_ms": 12 },
    "proof_chain": { "status": "up", "response_time_ms": 8 },
    "encoding_engine": { "status": "up", "response_time_ms": 3 }
  },
  "timestamp": "2025-01-15T12:00:00.000Z",
  "version": "1.0"
}

Status Values

Overall Status	HTTP Code	Meaning
`healthy`	200	All components are up
`degraded`	200	Some components have issues but service is available
`unhealthy`	503	One or more critical components are down

`GET /api/v1/discovery`

Returns a complete, machine-readable catalog of all available API endpoints grouped by category. Useful for automated API client generation, documentation tools, or integration bootstrapping.

Authentication: None — Rate Limit: 10 requests/minute

Example Request

curl https://ideaphase.app/api/v1/discovery

Example Response (200 OK)

{
  "version": "1.0",
  "documentation": "https://ideaphase.app/swp-docs",
  "endpoints": {
    "encoding": {
      "v1": [
        { "method": "POST", "path": "/api/v1/encode", "auth": "Bearer token", "description": "Encode text with SWP tags" },
        { "method": "POST", "path": "/api/v1/encode/batch", "auth": "Bearer token", "description": "Batch encode up to 20 texts" }
      ],
      "v2": [ /* ... enhanced endpoints ... */ ]
    },
    "proofs": [ /* ... proof endpoints ... */ ],
    "webhooks": [ /* ... webhook endpoints ... */ ],
    "api_keys": [ /* ... key management endpoints ... */ ],
    "health": [
      { "method": "GET", "path": "/api/health", "auth": "none", "description": "System health check with component status" },
      { "method": "GET", "path": "/api/status", "auth": "none", "description": "System status overview" }
    ]
  },
  "rate_limits": {
    "encoding": "Pro: 30/min, 350 per 12h window (per API key); Founder: 60/min, 1000 per 12h window (per API key)",
    "proofs": "30 per minute (per IP)",
    "health": "30 per minute (per IP)",
    "discovery": "10 per minute (per IP)",
    "default_per_ip": "120/min, 2000/hour (applies to routes without explicit limits)"
  }
}

Integration Tip: Use the discovery endpoint to automatically configure your API client. The response includes all available endpoints, their authentication requirements, and current rate limits. This is the recommended starting point for new integrations.

`GET /docs` (Redirect)

Convenience redirect (HTTP 301) to /swp-docs. Provides a standard documentation shortcut for developers who expect to find API docs at /docs.

Authentication: None — Response: 301 Moved Permanently with Location: /swp-docs

# Both URLs reach this documentation
curl -L https://ideaphase.app/docs
curl https://ideaphase.app/swp-docs

Need Help?

IdeaPhase provides multiple support channels:

AI Support Chat: Get instant answers about SWP protocol, API usage, and troubleshooting at /support. Powered by GPT-4o with deep knowledge of the SWP platform. Available to all visitors, no login required.
System Status: Check real-time platform health at /status or programmatically via GET /api/health.
Email: ideaphase.needs@gmail.com for account-specific issues or partnership inquiries.

Integration Examples

Python

# pip install requests
import requests

API_KEY = "swp_your_api_key_here"
BASE_URL = "https://ideaphase.app"

# Encode a document
response = requests.post(
    f"{BASE_URL}/api/v1/encode",
    headers={
        "Authorization": f"Bearer {API_KEY}",
        "Content-Type": "application/json"
    },
    json={
        "text": "Your document content here...",
        "framework": "general"
    }
)

result = response.json()
tagged_text = result["tagged_document"]["full_text"]
proof_id = result["proof"]["document_id"]
proof_hash = result["proof"]["proof_hash"]

print(f"Tagged document: {tagged_text[:200]}...")
print(f"Document ID: {proof_id}")
print(f"Proof hash: {proof_hash}")
print(f"Chain position: {result['proof']['chain_position']}")

# Verify the proof (no auth needed)
verify = requests.get(f"{BASE_URL}/api/v1/proof/verify/{proof_hash}")
print(f"Verified: {verify.json()['verified']}")

JavaScript (Node.js)

// Using fetch (Node 18+) or install node-fetch
const API_KEY = "swp_your_api_key_here";
const BASE_URL = "https://ideaphase.app";

async function encodeDocument(text, framework = "general") {
  const response = await fetch(`${BASE_URL}/api/v1/encode`, {
    method: "POST",
    headers: {
      "Authorization": `Bearer ${API_KEY}`,
      "Content-Type": "application/json"
    },
    body: JSON.stringify({ text, framework })
  });

  if (!response.ok) {
    const error = await response.json();
    throw new Error(error.error);
  }

  return response.json();
}

// Usage
const result = await encodeDocument(
  "Contract clause: Party A shall deliver within 30 business days...",
  "legal"
);

console.log("Phase:", result.tagged_document.core_tags.phase);
console.log("Weight:", result.tagged_document.core_tags.weight);
console.log("Proof:", result.proof.document_id);
console.log("Chain #:", result.proof.chain_position);

cURL — Full Workflow

# Step 1: Encode a document
RESPONSE=$(curl -s -X POST https://ideaphase.app/api/v1/encode \
  -H "Authorization: Bearer swp_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"text": "Deploy autonomous navigation module v2.3 with LIDAR failover.", "framework": "robotics"}')

# Step 2: Extract the proof hash
PROOF_HASH=$(echo $RESPONSE | jq -r '.proof.proof_hash')
DOC_ID=$(echo $RESPONSE | jq -r '.proof.document_id')

# Step 3: Download the full proof receipt
curl -H "Authorization: Bearer swp_abc123..." \
  https://ideaphase.app/api/v1/proof/$DOC_ID

# Step 4: Publicly verify the proof (no auth needed)
curl https://ideaphase.app/api/v1/proof/verify/$PROOF_HASH

# Step 5: Verify your entire proof chain
curl https://ideaphase.app/api/v1/proof/chain/swp_a1b2/verify

Integration Guide: SWP + Your Local LLM

This guide walks you through the complete workflow of using the SWP Encoding API with local language models like Ollama, LM Studio, or other Agent frameworks.

Key Concept: Your LLM never needs the API key. You call IdeaPhase, get back structured SWP-tagged output with a ready-to-use prompt template, then feed that template to your local model. The SWP tags guide the model to produce more structured, deterministic output.

Start Here: Call GET /api/v1/discovery to get a complete catalog of all available endpoints, their authentication requirements, and rate limits. This is the recommended first step when building a new integration. Need help? Visit the AI Support Chat for instant answers.

How the Flow Works

            Your Text
            →
            IdeaPhase API
            →
            SWP-Tagged Prompt
            →
            Your Local LLM
          
Your API key authenticates YOU to IdeaPhase — your LLM never sees it

Send your raw text to the IdeaPhase /api/v1/encode endpoint with your API key
Receive back: SWP-tagged document + prompt template + LoRA fine-tuning guidance + cryptographic proof
Take the prompt_template from the response and send it to your local LLM
The LLM reads the SWP tags and produces structured, metadata-aware output

Quick Start with Official SDKs (Recommended)

The fastest way to integrate SWP into your application is with the official SDKs. They handle authentication, error handling, and response parsing for you.

Python: Full Encode → Verify Workflow

from ideaphase import IdeaPhase

client = IdeaPhase(api_key="swp_your_key_here")

# 1. Encode your text
result = client.encode(
    "Design a patient intake system for emergency departments.",
    framework="healthcare"
)

# 2. Get the prompt template for your LLM
prompt = result["prompt_template"]

# 3. Send prompt to your local LLM (e.g., Ollama)
import requests
llm_response = requests.post("http://localhost:11434/api/generate", json={
    "model": "llama3",
    "prompt": prompt,
    "stream": False
})
print(llm_response.json()["response"])

# 4. Verify the proof later
verification = client.verify_proof(result["proof"]["proof_hash"])
print(f"Proof valid: {verification['verified']}")

JavaScript/TypeScript: Full Encode → Verify Workflow

import { IdeaPhase } from "ideaphase";

const client = new IdeaPhase({ apiKey: "swp_your_key_here" });

// 1. Encode your text
const result = await client.encode(
  "Design a patient intake system for emergency departments.",
  { framework: "healthcare" }
);

// 2. Get the prompt template for your LLM
const prompt = result.prompt_template;

// 3. Send prompt to your local LLM
const llmResponse = await fetch("http://localhost:11434/api/generate", {
  method: "POST",
  body: JSON.stringify({ model: "llama3", prompt, stream: false })
});
const llmResult = await llmResponse.json();
console.log(llmResult.response);

// 4. Verify the proof later
const verification = await client.verifyProof(result.proof.proof_hash);
console.log(`Proof valid: ${verification.verified}`);

SDK vs Raw HTTP: The SDK examples above replace ~15 lines of raw HTTP setup (headers, error parsing, URL construction) with 2–3 lines. See the SDKs tab for full SDK documentation including batch encoding, webhooks, and proof sharing. The raw HTTP examples below are provided for users who prefer direct API access.

Integration with Raw HTTP (cURL, requests, fetch)

If you prefer direct HTTP calls without an SDK, follow the steps below.

Step 0: Test Your API Key

Before encoding, verify your key works with this simple test endpoint. It tells you exactly what the server received, helping you catch quoting issues.

Linux / Mac / Git Bash

curl https://ideaphase.app/api/v1/key/test -H "Authorization: Bearer YOUR_SWP_API_KEY"

Windows CMD (one line)

curl https://ideaphase.app/api/v1/key/test -H "Authorization: Bearer YOUR_SWP_API_KEY"

Windows PowerShell

curl.exe https://ideaphase.app/api/v1/key/test -H "Authorization: Bearer YOUR_SWP_API_KEY"

Expected response: {"valid": true, "key_prefix": "swp_XXXXXXXX", "is_founder": true, "message": "API key is valid and active"}
If you get "valid": false, the response will tell you exactly what went wrong (wrong format, extra characters, key not found, etc.).

Step 1: Encode with cURL

Choose your platform below. The commands do the same thing — the only difference is how each terminal handles quotes.

Important: All commands must be pasted as a single line. Replace YOUR_SWP_API_KEY with your actual API key (starts with swp_). If your terminal wraps the text visually, that's fine — just make sure you don't insert any line breaks when pasting.

Linux / Mac / Git Bash

curl -X POST https://ideaphase.app/api/v1/encode -H "Authorization: Bearer YOUR_SWP_API_KEY" -H "Content-Type: application/json" -d '{"text": "Design a patient intake system for emergency departments.", "framework": "healthcare"}'

Windows CMD

Inner quotes in the JSON body are escaped with \".

curl -X POST https://ideaphase.app/api/v1/encode -H "Authorization: Bearer YOUR_SWP_API_KEY" -H "Content-Type: application/json" -d "{\"text\": \"Design a patient intake system for emergency departments.\", \"framework\": \"healthcare\"}"

Windows PowerShell

Use curl.exe with the --% stop-parsing token. This tells PowerShell to pass everything after it directly to curl without any interpretation:

curl.exe --% -X POST https://ideaphase.app/api/v1/encode -H "Authorization: Bearer YOUR_SWP_API_KEY" -H "Content-Type: application/json" -d "{\"text\": \"Design a patient intake system for emergency departments.\", \"framework\": \"healthcare\"}"

PowerShell notes:

Use curl.exe (not curl) because PowerShell aliases curl to Invoke-WebRequest.
The --% (stop-parsing token) is the key — it prevents PowerShell from mangling your JSON. Everything after --% is passed exactly as typed.
With --%, use the same \" escaping as CMD.

All three commands return a JSON response. The prompt_template field contains the complete prompt ready for your LLM.

Send to Ollama (all platforms)

Linux / Mac / Git Bash:

curl http://localhost:11434/api/generate -d '{"model": "llama3", "prompt": "[PASTE THE prompt_template VALUE HERE]", "stream": false}'

Windows CMD:

curl http://localhost:11434/api/generate -d "{\"model\": \"llama3\", \"prompt\": \"[PASTE THE prompt_template VALUE HERE]\", \"stream\": false}"

Windows PowerShell:

curl.exe --% http://localhost:11434/api/generate -d "{\"model\": \"llama3\", \"prompt\": \"[PASTE THE prompt_template VALUE HERE]\", \"stream\": false}"

Python Integration

A complete Python script showing the full workflow:

import requests

IDEAPHASE_URL = "https://YOUR-IDEAPHASE-URL"
SWP_API_KEY = "swp_your_api_key_here"

# Step 1: Encode with SWP
swp_response = requests.post(
    f"{IDEAPHASE_URL}/api/v1/encode",
    headers={
        "Authorization": f"Bearer {SWP_API_KEY}",
        "Content-Type": "application/json"
    },
    json={
        "text": "Your document or idea text goes here.",
        "framework": "general",
        "include_extended_tags": True
    }
)

result = swp_response.json()
prompt = result["prompt_template"]

# Step 2a: Send to Ollama
ollama_response = requests.post(
    "http://localhost:11434/api/generate",
    json={
        "model": "llama3",
        "prompt": prompt,
        "stream": False
    }
)
print(ollama_response.json()["response"])

# Step 2b: OR send to LM Studio (OpenAI-compatible)
lm_response = requests.post(
    "http://localhost:1234/v1/chat/completions",
    json={
        "model": "local-model",
        "messages": [
            {"role": "system", "content": "Process this SWP-encoded document precisely."},
            {"role": "user", "content": prompt}
        ],
        "temperature": 0.3
    }
)
print(lm_response.json()["choices"][0]["message"]["content"])

Download Full Integration Script

Complete Python script with Ollama, LM Studio, and OpenAI-compatible examples

Ollama Setup

Ollama runs open-source models locally on your machine. It has a simple REST API that works perfectly with SWP.

Install Ollama from ollama.ai
Pull a model: ollama pull llama3
Start the server: ollama serve (runs on port 11434)
Use the Python script above or the downloaded integration script

Recommended models for SWP: Llama 3 (8B or 70B), Mistral 7B, Phi-3, or Qwen 2.5. Larger models follow SWP tags more precisely, but even 7B models show significant improvement with tagged input.

LM Studio Setup

LM Studio provides a GUI for running local models with an OpenAI-compatible API server.

Download from lmstudio.ai
Search and download any GGUF model (Llama 3, Mistral, etc.)
Go to the "Local Server" tab and click "Start Server" (runs on port 1234)
LM Studio exposes an OpenAI-compatible API — use the /v1/chat/completions endpoint

import requests

prompt = result["prompt_template"]  # From SWP encode response

response = requests.post(
    "http://localhost:1234/v1/chat/completions",
    json={
        "model": "local-model",
        "messages": [
            {
                "role": "system",
                "content": "You are processing an SWP-encoded document. Follow all tag instructions precisely."
            },
            {
                "role": "user",
                "content": prompt
            }
        ],
        "temperature": 0.3,
        "max_tokens": 2000
    }
)

print(response.json()["choices"][0]["message"]["content"])

Agent Frameworks

For agent frameworks, the SWP API call happens from within your agent's tool or action definition. The key insight: SWP is a pre-processing step that runs before your agent sends text to its LLM.

Integration Pattern for Agent Frameworks

import requests

def swp_encode_tool(text, framework="general"):
    """
    Agent tool: Pre-process text through SWP before LLM reasoning.
    Add this as a custom tool in your agent framework.
    """
    response = requests.post(
        "https://YOUR-IDEAPHASE-URL/api/v1/encode",
        headers={
            "Authorization": "Bearer YOUR_SWP_API_KEY",
            "Content-Type": "application/json"
        },
        json={"text": text, "framework": framework}
    )
    data = response.json()

    return {
        "tagged_text": data["tagged_document"]["full_text"],
        "prompt": data["prompt_template"],
        "proof_id": data.get("proof", {}).get("document_id"),
        "tags": data["tagged_document"]["core_tags"]
    }

# In your agent's workflow:
# 1. Agent receives a task
# 2. Agent calls swp_encode_tool() to tag relevant documents
# 3. Agent uses the tagged prompt for its LLM reasoning
# 4. Result: More structured, auditable agent output

Agent specific: Add the swp_encode_tool function as a custom tool in your Agent configuration. The agent can then call it to pre-process any document before reasoning. If your Agent runs in Docker, make sure the container can reach the IdeaPhase URL (use the public URL, not localhost).

Any OpenAI-Compatible Endpoint

SWP works with any system that accepts text prompts. If your tool uses the OpenAI API format (most do), use this pattern:

import requests

def send_to_any_openai_endpoint(prompt, base_url, api_key="not-needed", model="default"):
    """Works with: LM Studio, Ollama (OpenAI mode), vLLM,
    text-generation-webui, LocalAI, and others."""
    response = requests.post(
        f"{base_url}/v1/chat/completions",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {api_key}"
        },
        json={
            "model": model,
            "messages": [
                {"role": "system", "content": "Process this SWP-encoded document precisely."},
                {"role": "user", "content": prompt}
            ],
            "temperature": 0.3
        }
    )
    return response.json()["choices"][0]["message"]["content"]

# Examples:
# Ollama (OpenAI mode):  send_to_any_openai_endpoint(prompt, "http://localhost:11434")
# LM Studio:             send_to_any_openai_endpoint(prompt, "http://localhost:1234")
# vLLM:                  send_to_any_openai_endpoint(prompt, "http://localhost:8000")
# LocalAI:               send_to_any_openai_endpoint(prompt, "http://localhost:8080")

What You Get Back from the API

Every encode call returns these key fields:

Field	What It Contains	What To Do With It
`tagged_document.full_text`	Your text with SWP tags prepended	Use for archival, display, or custom prompt building
`prompt_template`	Complete prompt with instructions + tagged document	Send this directly to your LLM — it is ready to use
`tagged_document.core_tags`	Phase, weight, symbolic_id, swp_sum	Use for filtering, routing, or dashboard displays
`tagged_document.domain_tags`	Sector, regulatory standards, metadata tags	Use for metadata checks and audit reporting
`lora_guidance`	Fine-tuning parameters and tag dimension mappings	Use if building a custom LoRA adapter for SWP-native models
`proof`	Document ID, SHA-256 proof hash, chain position	Store for audit trail and tamper detection

Founder Key vs. Pro Key

Feature	Founder Key	Pro Key
How to get it	Become a Co-Founder the key looks like`SWP_FOUNDER_API_KEY`	Create from the API Key Management section on the main page (requires Pro subscription)
Window limit	1,000 requests per rolling 12h window	350 requests per rolling 12h window
Rate limit	60 requests/minute	30 requests/minute
Max keys	Unlimited	5 per user
Usage	Internal testing, development, demos	Client/customer access

Security reminder: Never paste your API key directly into an LLM prompt or share it in chat. The key authenticates your API calls only — your LLM receives the prompt template (which contains the SWP tags and your document), not the key.

Verifying Proofs

Every encoded document gets a cryptographic proof. You can verify proofs publicly without authentication:

# Verify a specific proof (no API key needed)
curl https://YOUR-IDEAPHASE-URL/api/v1/proof/verify/YOUR_PROOF_HASH

# Check chain integrity for an API key
curl https://YOUR-IDEAPHASE-URL/api/v1/proof/chain/YOUR_KEY_PREFIX/verify

This is how you prove a document existed at a specific time and hasn't been tampered with — critical for regulated industries.

Production Deployment Guide

This guide covers deploying SWP-tagged applications and integrating IdeaPhase into your production systems.

Frequently Asked Questions

Q: How do I deploy my SWP-tagged documents to production?

Tagged documents can be exported directly from IdeaPhase. Use the download buttons to get your tagged files (.txt format) or proof receipts (.txt format). These files can be integrated into any system that processes text.

Q: Can I verify document proofs after deployment?

Yes! Every proof includes a SHA256 hash and UTC timestamp. To verify: regenerate the hash from your document content using SHA256, then compare it to the stored proof. The hashes should match exactly if the document hasn't been modified.

Q: How do I integrate SWP tags with my AI system?

Add the recommended system prompt (available on the home page) to your LLM configuration. The prompt instructs AI to look for SWP meta-data headers first, then process content based on phase and weight indicators.

Q: What's the best way to batch process documents in production?

Pro subscribers can use the Batch Processing tab to tag multiple documents at once via the web UI. For programmatic access, use the SWP Encoding API — see the API Reference tab for full endpoint documentation with examples.

Q: How do domain frameworks affect my production workflow?

Domain frameworks (Healthcare, Robotics, Legal, Education, Finance) add metadata-specific tags. When your AI system sees @sector: Healthcare and @regulatory_standards: HIPAA, it knows to apply appropriate data handling rules. Choose the framework that matches your production domain.

Q: Are document proofs legally binding?

Cryptographic proofs provide strong evidence that a document existed in a specific form at a specific time. They serve as supporting documentation for record-keeping and dispute resolution. Each proof includes a timestamp and can be independently verified.

API Integration

IdeaPhase provides a full REST API for programmatic SWP encoding, key management, and cryptographic proof verification. Pro subscribers can create API keys and start encoding immediately.

REST API: Full documentation with input/output examples in the API Reference tab
Proof Chain: Every API-encoded document gets a verifiable cryptographic proof with chain integrity
Code Examples: Python, JavaScript, and cURL examples ready to copy and use
7 Domain Frameworks: Healthcare, Robotics, Legal, Education, Finance, AI-Agents, and General

For enterprise needs (custom rate limits, SLA guarantees, custom frameworks), contact ideaphase.needs@gmail.com.

Security Considerations

Data Privacy: Documents are processed but not stored permanently. Only proof hashes are retained.
HTTPS Only: All traffic is encrypted in transit.
No Third-Party Sharing: Your content is never shared with external parties.
Metadata Ready: Framework tags indicate but don't enforce compliance; implement appropriate controls in your systems.